From patchwork Tue Nov 5 21:44:48 2019
X-Patchwork-Submitter: Adrian Bunk
X-Patchwork-Id: 178571
From: Adrian Bunk
To: openembedded-core@lists.openembedded.org
Date: Tue, 5 Nov 2019 23:44:48 +0200
Message-Id: <20191105214448.2511-12-bunk@stusta.de>
Subject: [OE-core] [warrior][PATCH] procps: whitelist CVE-2018-1121

From: Ross Burton

This CVE is about race conditions in 'ps' which make it unsuitable for security
audits. As these race conditions are unavoidable ps shouldn't be used for
security auditing, so this isn't a valid CVE.

Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
Signed-off-by: Adrian Bunk
---
 meta/recipes-extended/procps/procps_3.3.15.bb | 3 +++
 1 file changed, 3 insertions(+)

--
2.17.1

diff --git a/meta/recipes-extended/procps/procps_3.3.15.bb b/meta/recipes-extended/procps/procps_3.3.15.bb index 9756db0e7b..a20917b223 100644 --- a/meta/recipes-extended/procps/procps_3.3.15.bb +++ b/meta/recipes-extended/procps/procps_3.3.15.bb
@@ -64,3 +64,6 @@ python __anonymous() { d.setVarFlag('ALTERNATIVE_LINK_NAME', prog, '%s/%s' % (d.getVar('base_sbindir'), prog)) } +# 'ps' isn't suitable for use as a security tool so whitelist this CVE. +# https://bugzilla.redhat.com/show_bug.cgi?id=1575473#c3 +CVE_CHECK_WHITELIST += "CVE-2018-1121"
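
Review bot: the comment added above CVE_CHECK_WHITELIST gives only the conclusion ("'ps' isn't suitable for use as a security tool") and leaves the reason the CVE is treated as invalid to the commit message and the Bugzilla link. Since this line suppresses the CVE check result for CVE-2018-1121 in the recipe itself, the rationale should be readable there: suggest wording the comment along the lines of `# CVE-2018-1121 is about unavoidable race conditions in 'ps'; ps shouldn't be used for security auditing, so whitelist it.` and keeping the Bugzilla URL as the reference. That way a later reader of procps_3.3.15.bb can judge whether the suppression still applies without needing the mail thread or a reachable bug tracker.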